AHHHHHHHHHHHHH!
That just made my head hurt LOL
Just looking over some of it seems it stole an address book and spoofed
the names
I do not see a helo handshake only Recieved
On 11/04/2015 02:55 PM, Mike Hammett wrote:
Return-Path:
00000150d443873d-d34afdb9-d77b-4adb-b662-1afff9123032-000...@amazonses.com
Received: from 10.1.8.7 (LHLO mta1.ics-il.net) (10.1.8.7) by
mailbox1.ics-il.net with LMTP; Wed, 4 Nov 2015 14:50:18 -0600 (CST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mta1.ics-il.net (Postfix) with ESMTP id AE8E61CDFA8
for <[email protected]>; Wed, 4 Nov 2015 14:50:18 -0600 (CST)
X-Virus-Scanned: amavisd-new at mta1.ics-il.net
X-Spam-Flag: NO
X-Spam-Score: 2.741
X-Spam-Level: **
X-Spam-Status: No, score=2.741 tagged_above=-10 required=6.6
tests=[BAYES_00=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, PYZOR_CHECK=3.25, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_RED=0.001]
autolearn=no
Authentication-Results: mta1.ics-il.net (amavisd-new); dkim=pass
[email protected]
Received: from mta1.ics-il.net ([127.0.0.1])
by localhost (mta1.ics-il.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id TX+BKHYmZMqn for <[email protected]>;
Wed, 4 Nov 2015 14:50:10 -0600 (CST)
Received: from a10-188.smtp-out.amazonses.com (a10-188.smtp-out.amazonses.com
[54.240.10.188])
by mta1.ics-il.net (Postfix) with ESMTPS id 024EF1CDFE6
for <[email protected]>; Wed, 4 Nov 2015 14:50:09 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1446670207;
h=From:To:Date:Message-ID:MIME-Version:Content-Type:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:Reply-To:Sender:Feedback-ID;
bh=bddqX/VzURn+CZyTSjsMcQzWo1BtAaC1hO/sYLJAMY0=;
b=hKHnG5NYXh6OAyYjJf+xO3i5duBXBkRpMxAh1QC42LasdXUb4P528Ode++ekBv4h
usodabIeVKl+oTIyPOcsOdnnCtnJQydIPQae8ajkyGmEprp0ALnuS8JEqSkvD++2jxd
MrV0YrPvrPW/wRgsTmStLWLOGkS7n1l5aieS4few=
From: Adam Logan <[email protected]>
To: "Ben Moore" <[email protected]>, "Bill Prince" <[email protected]>,
"Bruce Robertson" <[email protected]>, "Butch Evans" <[email protected]>
Date: Wed, 4 Nov 2015 20:50:07 +0000
Message-ID:
<00000150d443873d-d34afdb9-d77b-4adb-b662-1afff9123032-000...@email.amazonses.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_3ECF1013.1AF15E61"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdEW1gbCh7h8eHQHQdddoZ+1MGi8fQ==
Content-Language: en-us
Subject: [AFMUG] Fw: new message
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.20-AFMUG-AWS
Precedence: list
List-Id: Animal Farm <af.afmug.com>
List-Unsubscribe: <http://afmug.com/mailman/options/af>,
<mailto:[email protected]?subject=unsubscribe>
List-Archive: <http://afmug.com/pipermail/af/>
List-Post: <mailto:[email protected]>
List-Help: <mailto:[email protected]?subject=help>
List-Subscribe: <http://afmug.com/mailman/listinfo/af>,
<mailto:[email protected]?subject=subscribe>
Reply-To: [email protected]
Errors-To: [email protected]
Sender: "Af" <[email protected]>
X-SES-Outgoing: 2015.11.04-54.240.10.188
Feedback-ID: 1.us-east-1.nvYPEUE/zoaurQuJrjuT8k8tfWkQJe35FAm6wcSs68o=:AmazonSES
Return-Path:
00000150d443b08d-cae52e36-fce5-48dd-8b95-b6dee4279e95-000...@amazonses.com
Received: from 10.1.8.7 (LHLO mta1.ics-il.net) (10.1.8.7) by
mailbox1.ics-il.net with LMTP; Wed, 4 Nov 2015 14:50:24 -0600 (CST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mta1.ics-il.net (Postfix) with ESMTP id CD40C1CDFA8
for <[email protected]>; Wed, 4 Nov 2015 14:50:23 -0600 (CST)
X-Virus-Scanned: amavisd-new at mta1.ics-il.net
X-Spam-Flag: NO
X-Spam-Score: 2.741
X-Spam-Level: **
X-Spam-Status: No, score=2.741 tagged_above=-10 required=6.6
tests=[BAYES_00=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, PYZOR_CHECK=3.25, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_RED=0.001]
autolearn=no
Authentication-Results: mta1.ics-il.net (amavisd-new); dkim=pass
[email protected]
Received: from mta1.ics-il.net ([127.0.0.1])
by localhost (mta1.ics-il.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id tuk4zzVd-tGN for <[email protected]>;
Wed, 4 Nov 2015 14:50:19 -0600 (CST)
Received: from a10-189.smtp-out.amazonses.com (a10-189.smtp-out.amazonses.com
[54.240.10.189])
by mta1.ics-il.net (Postfix) with ESMTPS id E84C51CDFD7
for <[email protected]>; Wed, 4 Nov 2015 14:50:18 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1446670218;
h=From:To:Date:Message-ID:MIME-Version:Content-Type:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:Reply-To:Sender:Feedback-ID;
bh=yDCwuPE+S0G0sCY3pIvIZFoSeCnFMeUZTf5NIqLzyqc=;
b=xe1OaMddNPt4z7jIbAS2lq5eZoYvkdTBfMi8gRLNkbnDP9NFulyGq/EJXcRX9DJq
DutiVzsoOGwe2xV5jCQS3Etm1rYEGaQPRiOnQM93j8X9eSr6L6kuYIu6wvKcsvj1o6o
gmu9XXuY8MieySd4jPBJVw9Bp/R9FcVYrbUj8/Hc=
X-No-Relay: not in my network
X-No-Relay: not in my network
X-No-Relay: not in my network
X-No-Relay: not in my network
From: Patrick Leary <[email protected]>
To: "af" <[email protected]>, "ahopp" <[email protected]>, "alan" <[email protected]>,
"ameader" <[email protected]>
Date: Wed, 4 Nov 2015 20:50:18 +0000
Message-ID:
<00000150d443b08d-cae52e36-fce5-48dd-8b95-b6dee4279e95-000...@email.amazonses.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_4ED093CF.38CE6512"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdEe89OmRbxYnG/HHWLmLalTV5i91Q==
Content-Language: en-us
Subject: [AFMUG] Fw: new message
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.20-AFMUG-AWS
Precedence: list
List-Id: Animal Farm <af.afmug.com>
List-Unsubscribe: <http://afmug.com/mailman/options/af>,
<mailto:[email protected]?subject=unsubscribe>
List-Archive: <http://afmug.com/pipermail/af/>
List-Post: <mailto:[email protected]>
List-Help: <mailto:[email protected]?subject=help>
List-Subscribe: <http://afmug.com/mailman/listinfo/af>,
<mailto:[email protected]?subject=subscribe>
Reply-To: [email protected]
Errors-To: [email protected]
Sender: "Af" <[email protected]>
X-SES-Outgoing: 2015.11.04-54.240.10.189
Feedback-ID: 1.us-east-1.nvYPEUE/zoaurQuJrjuT8k8tfWkQJe35FAm6wcSs68o=:AmazonSES
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange
http://www.midwest-ix.com
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
------------------------------------------------------------------------
*From: *"Steve Discher" <[email protected]>
*To: *[email protected]
*Sent: *Wednesday, November 4, 2015 2:52:35 PM
*Subject: *Re: [AFMUG] new message
Worst part is it is spoofed and it doesn’t come from my mail server,
no SFP match, no DMARC or DKIM match yet everyone’s email server
accepts it happily. Ticks me off but what can I do?
On Nov 4, 2015, at 2:50 PM, Josh Luthman
<[email protected] <mailto:[email protected]>>
wrote:
Oh god not this again.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Wed, Nov 4, 2015 at 3:48 PM, Af <[email protected]
<mailto:[email protected]>> wrote:
Hello!
*New message, please read*
http://casaruralcastillo.com/forget.php
<http://casaruralcastillo.com/forget.php?uvz>
Af
Steve Discher
[email protected] <mailto:[email protected]>
ISP Supplies Office: (855) 947-7776 / Fax: (866) 585-2175
10770 State Hwy. 30, Suite 200 College Station, TX 77845
http://www.ispsupplies.com <http://www.ispsupplies.com/>
Follow my WISP Blog <http://stevedischer.com/wisp-blog/>
Twitter <https://twitter.com/ISPSupplies>Facebook
<https://www.facebook.com/ISPSupplies>Google +
<https://plus.google.com/103869282934854184274>LinkedIn
<https://www.linkedin.com/pub/steve-discher/8/216/7a6>Youtube
<http://www.youtube.com/user/ISPSupplies?feature=guide%22>
